Is there anywhere to see LAN IPs of devices not leased through DHCP?

Started by pseudonym3k, Today at 07:44:40 PM

I set up a camera with a fixed IP address in its settings.

I specified the LAN IP (192.168.1.18), the subnet mask (255.255.255.0), the gateway (192.168.1.1 - OPNsense), and the DNS (192.168.1.1 also OPNsense with DNS servers in System->Settings).

I tested the camera on Ethernet and on Wifi and it's working either way. But I don't see it anywhere in OPNsense, not even in the live firewall logs.

Is there someplace I can see a device that is configured like this?

Thank you.

Quote from: pseudonym3k on Today at 07:44:40 PM: [...] Is there someplace I can see a device that is configured like this?

For the devices themselves, perhaps "Interfaces: Neighbors: Automatic Discovery"? I don't use it myself, but the serious issues should be worked out. Also, "Interfaces: Diagnostics: ARP Table" for more conventionally mapped devices.

For firewall logs, you need logging enabled for the matched rule(s). This assumes traffic passing through the firewall, of course.

Also, finding the IP in the ARP table presumes that the traffic is passed through OPNsense.
So for communications between devices within the same subnet, no ARP entry is added on the router.

Quote from: pfry on Today at 07:55:49 PM: For the devices themselves, perhaps "Interfaces: Neighbors: Automatic Discovery"? I don't use it myself, but the serious issues should be worked out. Also, "Interfaces: Diagnostics: ARP Table" for more conventionally mapped devices.
I have not visited either one of those areas before so thank you for introducing them to me. However, I did not find my camera in either one, not by IP nor by MAC address.

Quote from: pfry on Today at 07:55:49 PM: For firewall logs, you need logging enabled for the matched rule(s). This assumes traffic passing through the firewall, of course.
I'm thinking you're right, OPNsense is not aware of the camera. I don't think it has initiated any internet connection, it is just communicating on the LAN.

I'm using a desktop PC browser to open a web setup page to the camera, and also to view the camera feed. I will be adding it to my local-only camera NVR after I give it a lease through Dnsmasq and remove the hard coded settings from the camera.

Assuming this is what's happening (OPNsense is unaware of LAN-only devices that weren't assigned a lease through OPNsense), what would someone like me use to monitor for devices on my LAN? I'm at virtually no risk, personally, not even from a neighbor - but it feels like a security hole so just asking the question. Thank you for your thoughts here.

Quote from: viragomann on Today at 08:23:28 PM: Also, finding the IP in the ARP table presumes that the traffic is passed through OPNsense.
So for communications between devices within the same subnet, no ARP entry is added on the router.
See my reply to pfry - I think you are right, since DHCP did not hand out a lease, OPNsense is not involved in any LAN-only communications for the camera in question.

Quote from: pseudonym3k on Today at 09:02:24 PM: Assuming this is what's happening (OPNsense is unaware of LAN-only devices that weren't assigned a lease through OPNsense), what would someone like me use to monitor for devices on my LAN?
This is pretty much what you are looking for in OPNsense:
Quote from: pfry on Today at 07:55:49 PM: For the devices themselves, perhaps "Interfaces: Neighbors: Automatic Discovery"?
And if you happen to use Pi-Hole then you can use a built-in function that does something similar.

There are also projects like this one: https://github.com/netalertx/NetAlertX

Pick the one you like the most :)

Quote: I'm at virtually no risk, personally, not even from a neighbor - but it feels like a security hole so just asking the question.
As long as you don't have random people connecting devices to your network without you knowing it the risk is pretty low...

Quote from: viragomann on Today at 08:23:28 PM: Also, finding the IP in the ARP table presumes that the traffic is passed through OPNsense.
So for communications between devices within the same subnet, no ARP entry is added on the router.
Not always:

A device can ask all other devices on the network "Who is <another device>?" and in that case it can appear in the ARP/RARP Cache.
Also that Cache expires so maybe there hasn't been any communication in the last 300 seconds :)
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)
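
An added example, not part of the thread: one way to spot statically configured devices like the camera is to diff the firewall's ARP table against the DHCP leases. It assumes FreeBSD-style `arp -an` output and the dnsmasq lease-file layout; all sample addresses, MACs and the interface name `igb1` are constructed.

```python
import re

# Constructed sample of FreeBSD-style `arp -an` output.
ARP_OUTPUT = """\
? (192.168.1.1) at 00:11:22:33:44:01 on igb1 permanent [ethernet]
? (192.168.1.18) at 00:11:22:33:44:18 on igb1 expires in 212 seconds [ethernet]
? (192.168.1.50) at 00:11:22:33:44:50 on igb1 expires in 1100 seconds [ethernet]
? (192.168.1.77) at (incomplete) on igb1 expired [ethernet]
"""

# Constructed dnsmasq lease lines: "<expiry-epoch> <mac> <ip> <hostname> <client-id>".
LEASES = """\
1767225600 00:11:22:33:44:50 192.168.1.50 desktop 01:00:11:22:33:44:50
1767225600 00:11:22:33:44:60 192.168.1.60 nvr *
"""

ARP_RE = re.compile(
    r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-f:]{17}) on \S+ (?P<state>permanent|expires)"
)

def parse_arp(text):
    """Return {ip: mac} for resolved, non-permanent entries.

    Permanent entries are the firewall's own addresses; "(incomplete)"
    entries never resolved to a MAC and do not match the pattern.
    """
    entries = {}
    for line in text.splitlines():
        m = ARP_RE.search(line.lower())
        if m and m["state"] != "permanent":
            entries[m["ip"]] = m["mac"]
    return entries

def parse_leases(text):
    """Return {mac: ip} from dnsmasq lease lines."""
    leases = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3:
            leases[parts[1].lower()] = parts[2]
    return leases

def unleased(arp, leases):
    """Neighbours in ARP whose MAC has no lease, or uses an IP other than its lease."""
    return sorted((ip, mac) for ip, mac in arp.items() if leases.get(mac) != ip)

if __name__ == "__main__":
    for ip, mac in unleased(parse_arp(ARP_OUTPUT), parse_leases(LEASES)):
        print(f"no DHCP lease: {ip} {mac}")
```

As the replies above note, a device only shows up here if the firewall has a current ARP entry for it, so a single run can miss a quiet LAN-only host; repeated runs over time give better coverage.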